I think I'd give this more credit if both the article about it and the distro's official website weren't all complete and utter AI slop. It's pretty cool idea generally, though.
I think I'd give this more credit if both the article about it and the distro's official website weren't all complete and utter AI slop. It's pretty cool idea generally, though.
New Linux distro just dropped ... literally "Debian without OS-level age verification". Even better and more interesting (also linked in the parent article) is their website, working to document...
New Linux distro just dropped ... literally "Debian without OS-level age verification".
Even better and more interesting (also linked in the parent article) is their website, working to document the position of all major Linux distros on this issue, as well as getting ready to provide explicit tutorial documentation on how to rip OS-level age verification out of your distro of choice.
No word yet on Microsoft's position on the subject.
I feel like I am missing the core problem here. Having the age thing be at the OS level seems WAY safer than any kind of "send us your ID" crap, and on linux it should be as easy as just setting a...
I feel like I am missing the core problem here.
Having the age thing be at the OS level seems WAY safer than any kind of "send us your ID" crap, and on linux it should be as easy as just setting a birthday to 1/1/1970 in the installer if you aren't concerned about parental controls or whatever.
I find this really interesting. Fundamentally, I agree that age verification should not be within the purview of an OS, but at the same time given we're already in a world where websites are being...
I find this really interesting. Fundamentally, I agree that age verification should not be within the purview of an OS, but at the same time given we're already in a world where websites are being forced to, perhaps OS level age verification is the lesser evil? It centralises the vulnerability and opportunity for data leak, so only one entity is doing the age verification instead of every website/identity provider
I don't think websites should be in the business of age verification either, exactly for the risk of data leaks. The safest way to store data is to never obtain it to begin with. And if you want...
I don't think websites should be in the business of age verification either, exactly for the risk of data leaks. The safest way to store data is to never obtain it to begin with.
And if you want to protect the kids from bad websites, that's what parental controls are for. If you don't want your kid to see something and talking to them isn't working, push for better parental controls rather than this arbitrary surveillance.
For example the owner of a device could activate "child mode" on an account (without age verification) which changes the user agent on the device to have a child flag, and when you try to access websites and apps the vendor checks for the presence of the flag and disallows access. Then you have a law requiring vendors to check for the flag with strict penalties for non-compliance, pushing the burden onto the companies. I'm sure there are issues with this too, but my point is there are other ways to police access anonymously.
This feels like shooting the messenger to me, there's no burden or punishment for the providers of harmful content with this law.
Having the OS report a pass/fail signal to a querying app or site is much better than uploading your biometrics and government IDs to eleventybillion different sites. So long as that OS doesn't...
Having the OS report a pass/fail signal to a querying app or site is much better than uploading your biometrics and government IDs to eleventybillion different sites.
So long as that OS doesn't then also snitch on what sites you've been visiting to some other third party, keep a log of them or otherwise do anything nefarious with the data. Ideally it wouldn't keep it at all.
Once that's implemented though, the next logical step instead of self determined age, is to have the OS collect and process more robust identification data, so that it can do identity verification, as well as age verification.
I mean, we were fine with the first part right? That would only be a little more. And then, we could have ...
In an attempt to head off slippery slope arguments, I'd point out that the default position is /currently/ to upload government ID and biometrics. So arguing that that position is the mid game of OS level age attestation is not slippery, but rather based on evidence of current practice.
On the topic of ageless distros, NixOS is an interesting example, because it's not a distribution, but a configuration which you use to locally build your operating system.
On the topic of ageless distros, NixOS is an interesting example, because it's not a distribution, but a configuration which you use to locally build your operating system.
I think I'd give this more credit if both the article about it and the distro's official website weren't all complete and utter AI slop. It's pretty cool idea generally, though.
New Linux distro just dropped ... literally "Debian without OS-level age verification".
Even better and more interesting (also linked in the parent article) is their website, working to document the position of all major Linux distros on this issue, as well as getting ready to provide explicit tutorial documentation on how to rip OS-level age verification out of your distro of choice.
No word yet on Microsoft's position on the subject.
I feel like I am missing the core problem here.
Having the age thing be at the OS level seems WAY safer than any kind of "send us your ID" crap, and on linux it should be as easy as just setting a birthday to 1/1/1970 in the installer if you aren't concerned about parental controls or whatever.
I find this really interesting. Fundamentally, I agree that age verification should not be within the purview of an OS, but at the same time given we're already in a world where websites are being forced to, perhaps OS level age verification is the lesser evil? It centralises the vulnerability and opportunity for data leak, so only one entity is doing the age verification instead of every website/identity provider
I don't think websites should be in the business of age verification either, exactly for the risk of data leaks. The safest way to store data is to never obtain it to begin with.
And if you want to protect the kids from bad websites, that's what parental controls are for. If you don't want your kid to see something and talking to them isn't working, push for better parental controls rather than this arbitrary surveillance.
For example the owner of a device could activate "child mode" on an account (without age verification) which changes the user agent on the device to have a child flag, and when you try to access websites and apps the vendor checks for the presence of the flag and disallows access. Then you have a law requiring vendors to check for the flag with strict penalties for non-compliance, pushing the burden onto the companies. I'm sure there are issues with this too, but my point is there are other ways to police access anonymously.
This feels like shooting the messenger to me, there's no burden or punishment for the providers of harmful content with this law.
Having the OS report a pass/fail signal to a querying app or site is much better than uploading your biometrics and government IDs to eleventybillion different sites.
So long as that OS doesn't then also snitch on what sites you've been visiting to some other third party, keep a log of them or otherwise do anything nefarious with the data. Ideally it wouldn't keep it at all.
Once that's implemented though, the next logical step instead of self determined age, is to have the OS collect and process more robust identification data, so that it can do identity verification, as well as age verification.
I mean, we were fine with the first part right? That would only be a little more. And then, we could have ...
In an attempt to head off slippery slope arguments, I'd point out that the default position is /currently/ to upload government ID and biometrics. So arguing that that position is the mid game of OS level age attestation is not slippery, but rather based on evidence of current practice.
On the topic of ageless distros, NixOS is an interesting example, because it's not a distribution, but a configuration which you use to locally build your operating system.